-
Step 1: goto shodan and search for
Pingback; for thos who need context: read this -
Step 2: extract the DATA from shodan-export.json.gz:
with some older files i had just over 150k wordpress-installations
[ trigger@happy ~ ] zless shodan-export.json.gz | jq .data | grep "X-Pingback" | awk -F "Pingback:" '{print $2}' | awk -F "/xmlrpc" '{print $1}' | sort -u > wc-pongback.list
[ trigger@happy ~ ] > wc -l wc-pongback.list
151531 wc-pongback.list
- Step 3: run the whole list through a parser that does the following:
- check if the website is online
- check if
/xmlrpc.phpexists, if not, continue - check if
/feedexists, is loadable with feedparser - select a random wp-post-url from feeds, neede dlater for callback
- write res to a file
Fragen? Kontakt: info@zero.bs